Bug #16828
closed
Kernel panic (page fault) in ``bpfmtap`` via ``vlantransmit`` with Suricata BPF listeners active on VLAN interfaces
Description
pfSense Version: pfSense Plus 26.03 (RELENG_26_03, built 2026-03-20)
Hardware: ASRock Rack D1521D4I (Xeon D-1521, 4-core, Broadwell-DE)
Onboard NIC: Intel I210 (igb driver)
PCIe NIC: Intel 82599ES 10GbE SFP+ (ixgbe driver)
RAM: 8 GB
Summary:
Recurring kernel panics (page fault) occurring multiple times over ~2 weeks.
Crash dumps show bpfmtap faulting during IP forwarding through VLAN interfaces
while Suricata has active BPF listeners on those VLANs.
Crash Stack Trace:
ipinput → iptryforward → etheroutput → etheroutputframe
→ vlantransmit → bpfmtap ← PAGE FAULT
Running at time of crash:
- Suricata with BPF listeners on ix1.40 and ix1.70 (VLAN sub-interfaces on 82599ES)
- Multiple Suricata instances (ix1.70, ix1.40)
Crash dates: 2026-04-23, 2026-04-30, 2026-05-01, 2026-05-04
Updated by Jim Pingle 13 days ago
- Project changed from pfSense Packages to pfSense
- Subject changed from Kernel panic (page fault) in bpfmtap via vlantransmit when Suricata BPF listeners active on VLAN interfaces (26.03) to Kernel panic (page fault) in ``bpfmtap`` via ``vlantransmit`` with Suricata BPF listeners active on VLAN interfaces
- Category changed from Suricata to FreeBSD
- Status changed from New to Resolved
- Assignee set to Mateusz Guzik
- Target version set to 2.9.0
- Plus Target Version set to 26.03.1
- Affected Plus Version deleted (26.03)
- Release Notes set to Default
Updated by Jim Pingle 13 days ago
- Is duplicate of Regression #16790: Kernel panic due to race condition on a ``bpf`` device added